Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
185 views
in Technique[技术] by (71.8m points)

android - Is there a safe way to manage API keys?

I am using an API within my app. I currently manage the API key from a java interface

public interface APIContract {
    //The API KEY MUST NOT BE PUBLISH. It is possible to generate a new one for free from www.themoviedb.org
    //Remove before commit !!!
    String API_KEY = "abcdefghijklmnopqrstuvwxyz";
    /...
}

This do the job. I can access the key using APIContract.API_KEY, but as you can see in the comment this is not safe if I use git and a public repository (I am not suppose to publish this key).

So here is my question : is it possible to move this key in another place which I can easily access from my app but which will not be committed ?

I found this thread which use gradle to store the key, but I need to commit the build.gradle file so it does not do the job.

Does someone know how to solve this problem ? I did not find similar problem in stackoverflow but maybe I missed something

EDIT I love the idea of moving the key outside any java code because other people (maybe non technical people) can easily manage their own key. I was thinking about using a gradle file like settings.gradle.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

1. Store api keys in an xml file

Put xml file "api_keys.xml" in the directory "res/values/".

api_keys.xml

<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="THE_MOVIE_DB_API_TOKEN">XXXXX</string>
</resources>

use api keys in java code

context.getString(R.string.THE_MOVIE_DB_API_TOKEN);

2. Store API keys with help of Gradle and the gradle.properties file

Example_0 Example_1

Add the following line to [USER_HOME]/.gradle/gradle.properties

For Windows OS, an example for Denis user:

C:UsersDenis.gradle

gradle.properties

MyTheMovieDBApiToken="XXXXX"

Add the following code to the build.gradle file

build.gradle

apply plugin: 'com.android.application'

android {
    ...

    defaultConfig {
        ...
    }
    buildTypes {
        release {
            ...
        }
    }
    buildTypes.each {
      it.buildConfigField 'String', 'THE_MOVIE_DB_API_TOKEN', MyTheMovieDBApiToken
    }
}

use api keys in java code

BuildConfig.THE_MOVIE_DB_API_TOKEN)

3. Store API keys with help of gradle and the system path variable

Example_0

Add new system PATH variable THE_MOVIE_DB_API_TOKEN="XXXXX":

For Windows OS:

  • open system
  • advanced system settings
  • environment variables
  • add new variables to the user variables

Add the following code to the build.gradle file

build.gradle

apply plugin: 'com.android.application'

android {
    ...

    defaultConfig {
        ...
    }
    buildTypes {
        release {
            ...
        }
        buildTypes.each {
            it.buildConfigField 'String', 'THE_MOVIE_DB_API_TOKEN', ""$System.env.THE_MOVIE_DB_API_TOKEN""
        }
    }
}

use API keys in java code

BuildConfig.THE_MOVIE_DB_API_TOKEN

Link to my gist on github


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...